fireflies-security-basics
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Includes a curl command designed to verify API key validity by contacting the official Fireflies.ai health endpoint.
- [DATA_EXFILTRATION]: References the use of .env files for local secret storage but provides correct security guidance to exclude these files from version control via .gitignore.
- [SAFE]: Implements industry-standard security patterns, such as timing-safe comparisons for webhook signature verification and least-privilege scoping advice.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing external data from environment variables and webhook payloads in SKILL.md.
  - Ingestion points: Environment variables (FIREFLIES_READ_KEY, FIREFLIES_WRITE_KEY) and webhook data (payload, signature).
  - Boundary markers: None present for the interpolated environment data.
  - Capability inventory: Employs Read, Write, and Grep tools as defined in the skill metadata.
  - Sanitization: Uses crypto.timingSafeEqual to validate external signatures, preventing timing attacks.
Audit Metadata